Description
Denial of Service in handlebars
Affected versions of handlebars are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service.
Recommendation
Upgrade to version 4.4.5 or later.
Packages
Name: handlebars (npm)
Affected versions: >= 4.0.0, < 4.4.5
Fixed version: 4.4.5
Weaknesses
CWE-400